------------[ cut here ]------------
WARNING: CPU: 0 PID: 13535 at net/core/flow_dissector.c:1107 __skb_flow_dissect+0xbde/0x6d60 net/core/flow_dissector.c:1102
Modules linked in:
CPU: 0 PID: 13535 Comm: kworker/u4:14 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Workqueue: bat_events batadv_nc_worker
RIP: 0010:__skb_flow_dissect+0xbde/0x6d60 net/core/flow_dissector.c:1107
Code: db 59 00 00 80 3d 70 ac fd 05 01 0f 85 01 5a 00 00 e8 06 27 0f f9 e9 17 f9 ff ff e8 fc 26 0f f9 e9 b4 03 00 00 e8 f2 26 0f f9 <0f> 0b e9 00 ff ff ff e8 e6 26 0f f9 c6 05 3b ac fd 05 01 48 c7 c7
RSP: 0018:ffffc90000006a20 EFLAGS: 00010246
RAX: ffffffff8877fb0e RBX: ffff8880500b54f0 RCX: ffff888021593c00
RDX: 0000000000000100 RSI: ffffffff8b1c8f80 RDI: ffffffff8b1c8f40
RBP: ffffc90000007038 R08: dffffc0000000000 R09: 1ffffffff2238ca0
R10: dffffc0000000000 R11: fffffbfff2238ca1 R12: ffffffff8e8b8b78
R13: ffffffff8877f129 R14: 0000000000000000 R15: 1ffffffff1d17170
FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa115bea4c0 CR3: 000000004e232000 CR4: 00000000003526f0
DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000002
DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
skb_flow_dissect_flow_keys include/linux/skbuff.h:1544 [inline]
___skb_get_hash net/core/flow_dissector.c:1801 [inline]
__skb_get_hash+0xf3/0x2e0 net/core/flow_dissector.c:1866
skb_get_hash include/linux/skbuff.h:1586 [inline]
nft_trace_init+0x1bb/0x410 net/netfilter/nf_tables_trace.c:316
nft_do_chain+0x14fc/0x1600 net/netfilter/nf_tables_core.c:268
nf_route_table_hook6+0x366/0x7b0 net/netfilter/nft_chain_route.c:88
nf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]
nf_hook_slow+0xbd/0x200 net/netfilter/core.c:626
nf_hook include/linux/netfilter.h:259 [inline]
__ip6_local_out+0x784/0x8a0 net/ipv6/output_core.c:143
ip6_local_out+0x2a/0x130 net/ipv6/output_core.c:153
ip6tunnel_xmit include/net/ip6_tunnel.h:161 [inline]
udp_tunnel6_xmit_skb+0x53e/0x970 net/ipv6/ip6_udp_tunnel.c:109
tipc_udp_xmit+0x58d/0xb40 net/tipc/udp_media.c:220
tipc_bearer_xmit_skb+0x2ad/0x3f0 net/tipc/bearer.c:575
tipc_disc_timeout+0x596/0x6f0 net/tipc/discover.c:338
call_timer_fn+0x189/0x540 kernel/time/timer.c:1701
expire_timers kernel/time/timer.c:1752 [inline]
__run_timers+0x542/0x800 kernel/time/timer.c:2023
run_timer_softirq+0x67/0xf0 kernel/time/timer.c:2036
handle_softirqs+0x280/0x820 kernel/softirq.c:578
do_softirq+0xfa/0x1a0 kernel/softirq.c:479
__local_bh_enable_ip+0x184/0x1c0 kernel/softirq.c:406
spin_unlock_bh include/linux/spinlock.h:396 [inline]
batadv_nc_purge_paths+0x311/0x3a0 net/batman-adv/network-coding.c:471
batadv_nc_worker+0x369/0x610 net/batman-adv/network-coding.c:722
process_one_work kernel/workqueue.c:2653 [inline]
process_scheduled_works+0xa5d/0x15d0 kernel/workqueue.c:2730
worker_thread+0xa55/0xfc0 kernel/workqueue.c:2811
kthread+0x2fa/0x390 kernel/kthread.c:388
ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293